CVE-2023-29458 - OpenCVE

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zabbix	Zabbix

Configuration 1 [-]

OR	cpe:2.3:a:zabbix:zabbix:5.0.34:::::::*
	cpe:2.3:a:zabbix:zabbix:6.0.17:::::::*
	cpe:2.3:a:zabbix:zabbix:6.4.2:::::::*

No data.

References

Link	Providers
https://support.zabbix.com/browse/ZBX-22989

History

No history.

MITRE

Status: PUBLISHED

Assigner: Zabbix

Published: 2023-07-13T09:33:46.403Z

Updated: 2024-08-02T14:07:46.220Z

Reserved: 2023-04-06T18:04:44.892Z

Link: CVE-2023-29458

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-13T10:15:09.573

Modified: 2023-07-25T15:05:05.530

Link: CVE-2023-29458

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-29458", "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "state": "PUBLISHED", "assignerShortName": "Zabbix", "dateReserved": "2023-04-06T18:04:44.892Z", "datePublished": "2023-07-13T09:33:46.403Z", "dateUpdated": "2024-08-02T14:07:46.220Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["Proxy", "Server"], "product": "Zabbix", "repo": "https://git.zabbix.com/", "vendor": "Zabbix", "versions": [{"changes": [{"at": "5.0.35rc1", "status": "unaffected"}], "lessThanOrEqual": "5.0.34", "status": "affected", "version": "5,0,0", "versionType": "git"}, {"changes": [{"at": "6.0.18rc1", "status": "unaffected"}], "lessThanOrEqual": "6.0.17", "status": "affected", "version": "6,0,0", "versionType": "git"}, {"changes": [{"at": "6.4.3rc1", "status": "unaffected"}], "lessThanOrEqual": "6.4.2", "status": "affected", "version": "6.4.0", "versionType": "git"}, {"changes": [{"at": "7.0.0alpha1", "status": "unaffected"}], "lessThanOrEqual": "7.0.0alpha1 ", "status": "affected", "version": "7.0.0alpha1", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "nepalihacker0x01"}], "datePublic": "2023-06-16T11:16:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use."}], "value": "Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use."}], "impacts": [{"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "shortName": "Zabbix", "dateUpdated": "2023-07-13T09:33:46.403Z"}, "references": [{"url": "https://support.zabbix.com/browse/ZBX-22989"}], "source": {"discovery": "UNKNOWN"}, "title": "Duktape 2.6 bug crashes JavaScript putting too many values in valstack.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:07:46.220Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.zabbix.com/browse/ZBX-22989", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zabbix:zabbix:5.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "21E9CA91-6BA2-4046-A81B-56203307F325", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F6C005FB-B627-4C3B-8873-4ECF4A3696CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FECE71F-56F9-4E90-99EC-DBDCFE5AC605", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use."}], "id": "CVE-2023-29458", "lastModified": "2023-07-25T15:05:05.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "security@zabbix.com", "type": "Secondary"}]}, "published": "2023-07-13T10:15:09.573", "references": [{"source": "security@zabbix.com", "tags": ["Third Party Advisory"], "url": "https://support.zabbix.com/browse/ZBX-22989"}], "sourceIdentifier": "security@zabbix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-129"}], "source": "security@zabbix.com", "type": "Secondary"}]}